Microsoft Previews Defender for APIs in Defender for Cloud

Microsoft this week introduced a preview of a new "Microsoft Defender for APIs" security solution, which is part of the Microsoft Defender for Cloud service.

Microsoft Defender for Cloud is used to add security and compliance protections for so-called "cloud-native applications," such as workloads hosted across "Amazon Web Services, Google Cloud Platform and Azure Cloud Services," according to Microsoft's description. It's not to be confused with Microsoft Defender for Cloud Apps, which is used to detect security risks in software-as-a-service applications.

The new Microsoft Defender for APIs solution in the Microsoft Defender for Cloud service lets organizations "gain visibility into business-critical APIs." Microsoft promises "full lifecycle protection, detection and response coverage" with Microsoft Defender for APIs, according to Microsoft's documentation.

Organizations can inventory their managed APIs in a dashboard view, and check for "external, unused, or unauthenticated APIs." The APIs get compared with the OWASP Top 10 security risks for software via a machine learning process. Microsoft Defender for APIs also will show the APIs that are tapping sensitive data. It allows organizations to harden the configurations used with the APIs.

Microsoft Defender for APIs information gets shown in the Microsoft Defender for Cloud Portal or the Azure Portal. Alerts and security recommendations also are shown, and Microsoft Defender for APIs will work with various security information and event management (SIEM) systems.

APIs are used to enable communications between "users, cloud services and data," but they tend to be "loved by developers and threat actors alike," Microsoft's announcement indicated.

"Threat actors increasingly use APIs as their primary attack vector to breach data from cloud applications, which means API security is now a critical priority for CISOs," the announcement explained. It added that typical perimeter-based security controls lack "API behavioral knowledge, which leaves a big hole in API security."

Microsoft's example is the breach of Austrian telco Optus, where customer information was exposed due to "an unprotected and publicly exposed API" that didn't require user authentication for connections.

The preview of Microsoft Defender for APIs is "now available in most Azure commercial regions."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

